Web Directory Security

[kathrync2003]

Hello

I have a directory on my web server where I have placed directory security that prompts for a user name and password
into a secure area of my site.

I have a link on one of my web pages inside this directory whre the user can log out.

How do I locate where this login information
is stored.

 

[ChrisHirst]

no idea.
do you not know how the directory security was set up.





Chris.

Indifference will be the downfall of mankind, but who cares?
Woo Hoo! the cobblers kids get new shoes.
People Counting Systems

So long, and thanks for all the fish.

 

[Foamcow]

Do you mean where the login credential is stored on the visitor's machine or where the usernameassword pair is set up on your server?

What is it you are attempting to do?

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire

 

[Stretchwickster]

If you're using HTTP Authentication (and it sounds like you might be, whether knowingly or not), I believe this can only be achieved by closing the browser down (see reference below).

With HTTP authentication, the client (such as a web browser) presents its own authentication dialog to the user when prompted for credentials by the server, after an initial request of a resource that is in a protected realm. (A realm is a URI, such as "/admin" and all resources under that URI, such as "/admin/moderation" and "/admin/users".) The user enters their username and password into the dialog, thereby authenticating themselves to the client for the requested realm. The client then uses those credentials to authenticate with the server for that realm from then on, until the client is exited. (I.e., there is usually no way to log out of a client authentication except by ending the client process.)

(Source:

http://www.artima.com/weblogs/viewpost.jsp?thread=155252)

Clive

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"To err is human, but to really foul things up you need a computer." (Paul Ehrlich)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To get the best answers from this forum see: faq102-5096

 

[kathrync2003]

Thanks for answering.

I mean where the login credential is stored on the visitor's machine.

I have a logout link and I want this link to
clear out the userid and password fields.

 

[ChrisHirst]

again it depends on how the logon is done. without that information it is impractical to say how you could log the user out.



Chris.

Indifference will be the downfall of mankind, but who cares?
Woo Hoo! the cobblers kids get new shoes.
People Counting Systems

So long, and thanks for all the fish.

 

[Foamcow]

...and as Stretchwickster stated, if you are using HTTP Authentication (as I too suspect you are) then you proabably won't be able to make the logout link work.

Although, the webdev plugin for Firefox manages to clear HTTP Authentication without restarting the browser. So it must be possible in some way. Perhaps by clearing out all the session vars?

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire

 

[Foamcow]

[!]This isn't tested[/!] but if using PHP you could try something like the following:

$_SERVER['PHP_AUTH_USER']="";
$_SERVER['PHP_AUTH_PW']="";

This would probably be a question more suited to the forum for whichever server side language you are using.

<honk>*:O)</honk>

Earl & Thompson Marketing - Marketing Agency Services in Gloucestershire